A new wave of Cybercrime hits PayPal users. Fraudsters have developed a sophisticated phishing scam that exploits PayPal's "new address" function. This scam is so sophisticated that it can fool even experienced users.
The fraudsters send e-mails that look deceptively genuine. They inform you of a supposedly new address and an imminent delivery of an expensive product. The aim: to steal your personal data.
In this article, we explain how you can recognize these scams and protect yourself against them. We give you practical tips on how to keep your online transactions secure.
Important findings
- Fraudsters use official PayPal e-mail addresses
- Fake purchase confirmations for expensive products are smuggled in
- A vulnerability in the address management system is exploited
- Fraudsters offer "help" through remote access software
- Warning signs are cryptic e-mail addresses in the salutation
What is phishing and how does it work?
Phishing is a form of identity theft that can damage our Privacy threatened. Fraudsters try to obtain sensitive information such as passwords or credit card details. The Safety awareness of the user is crucial.
Definition of phishing
Phishing refers to fraudulent attempts to steal personal data through fake messages. Attackers pretend to be trustworthy companies in order to trick victims into disclosing sensitive information.
Typical phishing methods
Fraudsters use various tactics to achieve their goals:
- Sending fake payment requests
- Exploiting e-mail distribution lists for mass mailings
- Manipulation of the "Address 2" field in PayPal accounts
- Use of official PayPal functions such as "Request money"
Why PayPal is a popular target
PayPal is an attractive target for phishing attacks due to its popularity and the way it handles financial data. Fraudsters exploit the trustworthiness of the brand to make their attacks appear credible.
| Phishing tactics | Description |
|---|---|
| Fake e-mails | Use of service@paypal.com as the sender |
| High monetary claims | Alleged orders for expensive electronic items |
| False advertisements | Google ads posing as PayPal customer service |
| Misuse of PayPal functions | Use of "no-code checkout" for fraudulent payment links |
To protect yourself from phishing, it is important to check suspicious messages critically and never disclose sensitive data without verifying the authenticity of the request.
The new PayPal phishing wave in detail
The current wave of phishing against PayPal users reveals new, sophisticated methods. Fraudsters are using sophisticated techniques to obtain sensitive data. Spam e-mails are just the beginning of a complex scam.
Properties of the new mesh
The fraudsters often use impersonal salutations such as "Dear user" or false e-mail addresses. They threaten to block accounts and lure you in with alleged incoming payments. Particularly dangerous: a fake contact number for alleged fraud attempts.
This is what a phishing message looks like
Typical features are
- Subject such as "You must confirm your details"
- Request to harmful links to click
- Spelling mistakes (e.g. "zugriff", "beschränkung")
- Illogical sentences like "To your safety"
These messages often lead to fraudulent websites that look deceptively similar to genuine PayPal sites. The aim is to steal access data or financial information. If you are suspicious, you should forward the e-mail to phishing@paypal.com and delete it.
The role of the 'New address' function
PayPal's 'New Address' function plays a central role in this new form of online fraud. Cybercriminals are using this actually helpful function to carry out their phishing attacks and steal the Precautionary measures of the user.
Explanation of the 'New address' function
PayPal offers users the option of adding new addresses to their account. This function is normally intended to enable payments to different delivery addresses. After each address change, PayPal sends a confirmation email to the account holder.
Misuse for phishing attacks
Fraudsters exploit this function by adding a new address to their own PayPal account. This new address often contains a long, complex email address. PayPal then sends a genuine confirmation email to this address. Since the email comes from the official PayPal address "service@paypal.com", it bypasses common spam filters.
The cyber criminals automatically forward these emails to their own addresses. This gives them access to official PayPal messages, which they misuse for their phishing attacks. This method of Cybercrime is particularly dangerous, since it does not Precautionary measures of the user.
"The current phishing scam uses PayPal's change of address function to bypass server-side spam filters."
To protect yourself from this Online fraud it is important to check every e-mail critically - even if it appears to come from a trustworthy source.
Detection of suspicious e-mails
It's important in the digital world, Spam e-mails and harmful links to recognize. A sharpened Safety awareness helps to ward off phishing attempts.
Characteristics of phishing e-mails
Phishing e-mails often have characteristic features:
- Missing personal salutation
- Spelling mistakes and poor writing style
- Threats and deadlines set
- Request to enter personal data
- Unsolicited e-mails in English
With the current PayPal scam, the unusual form of address is particularly noticeable. Instead of your name, it often contains a cryptic email address such as "Hello, SaleFinalized@infos-noreply.com".
Important safety information
To protect yourself against phishing, please note the following points:
- Check the e-mail header with the sender's IP address
- Be careful with e-mails in HTML format
- Do not click on suspicious links
- Do not disclose any personal data
- Forward phishing emails to phishing@verbraucherzentrale.nrw
If you suspect phishing, you should act immediately. Block your online access, your account and your credit and debit cards. Keep the e-mail as evidence in case you have become a victim.
Protective measures against PayPal phishing
To protect your PayPal account from phishing attacks, there are some important Precautionary measures to note. The Safety awareness The user plays a decisive role in the Privacy.
Activate two-factor authentication
One of the most effective protective measures is to activate two-factor authentication. This additional layer of security makes it more difficult for fraudsters to access your account, even if they know your password.
- Log in to your PayPal account
- Go to the settings
- Select "Security
- Click on "Set up two-factor authentication"
- Follow the instructions for setting up
Report suspicious messages
Reporting suspicious messages is an important contribution to protecting the PayPal community. Forward suspicious emails to phishing@paypal.com. PayPal can react quickly and warn other users.
| Suspicious features | Correct action |
|---|---|
| Impersonal form of address | Ignore and report |
| Urgency ("Act immediately!") | Keep calm, contact PayPal directly |
| Suspicious links | Do not click, check URL |
| Unsolicited attachments | Do not open, report e-mail |
Please note: Official PayPal e-mails come from service@paypal.com. Be wary of emails from similar-looking addresses. Your security awareness is the best protection against phishing attacks.
Procedure for suspicious activities
If you show signs of Online fraud or Cybercrime on your PayPal account, quick action is crucial. Here you can find out what precautions you should take and how you can get support.
Take immediate action
In the event of suspected phishing or unusual account activity:
- Check your account directly on paypal.com, never via email links
- Change your password immediately
- Report suspicious emails to phishing@netzwelt.de
- Do not install software on the instructions of alleged support staff
Support from PayPal customer service
The real PayPal customer service offers help with security problems. Please note:
| Authentic PayPal support | Fraudulent contact attempts |
|---|---|
| Does not contact you unsolicited | Often calls "on the off chance" |
| Does not demand payments over the phone | Urges immediate payments |
| Uses official contact channels | Uses WhatsApp or dubious numbers |
Stay vigilant and report suspicious activity immediately. In this way, you effectively protect yourself against cybercrime and contribute to the security of all PayPal users.
Security updates from PayPal
PayPal is constantly working to improve the Privacy and strengthen users' security awareness. At the beginning of March 2023, the company announced changes to its terms and conditions in response to new threats.
New security functions at a glance
PayPal is introducing new precautionary measures to combat phishing attacks. These include:
- Increased verification of payments without PayPal registration
- Improved detection of suspicious activity in "Family & Friends" transfers
- Introduction of character limits in the additional address field
Frequent security questions from users
Many users ask themselves how they can best protect their account. Here are some important tips:
- Check your account transactions regularly
- Do not respond to urgent requests in e-mails
- Do not call unknown numbers back
- Use the option to block suspicious numbers
If you suspect fraud, you can contact the Federal Network Agency. It offers forms for complaints about unwanted calls to warn others about such scams.
The role of user education
Security awareness is the key to combating Online fraud. At a time when phishing attacks are becoming increasingly sophisticated, it is important that users are aware of the latest scams.
Importance of education on the Internet
Digital education plays a crucial role in protecting personal data. The more users know about security risks, the better they can protect themselves. PayPal and other platforms regularly offer training courses to raise security awareness.
Resources for the secure use of online payments
There are numerous resources that users can use for secure online banking:
- PayPal's Security Center with up-to-date information on fraud scams
- Consumer protection portals with tips on data protection and precautionary measures
- Official bank websites with security information
An important precautionary measure is to report suspicious emails to phishing@paypal.com. In this way, users actively contribute to the protection of the community. Stay vigilant and continuously expand your knowledge of online security. Only together can we make the Internet safer.
Conclusion: How to stay protected
Online fraud and cybercrime are constantly evolving. Increased security awareness is therefore essential. The new PayPal phishing scam shows how cleverly fraudsters operate. They use the "friends and family" function to defraud unsuspecting users of their money.
Summary of the most important points
Fraudsters have already caused millions in losses. In the case of unauthorized direct debits, you have up to 8 weeks for a chargeback. With PayPal guest payments, up to 1500 euros can be transferred without identity verification. Criminals exploit these loopholes. Always use the "Send refund" function to correctly allocate transactions.
Call for vigilance and security
Stay alert for unexpected incoming payments. Carefully check every request for a refund. Activate two-factor authentication for your PayPal account. Act immediately if you suspect online fraud. Report suspicious activity to PayPal and your bank immediately. Only by paying more attention and acting quickly can we work together to curb cybercrime.
English 
Deutsch 
Español 
Français 
Polski